Does Page Expire Popup/Redirection for WordPress have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Page Expire Popup/Redirection for WordPress compatible with WordPress 6.9.4?

According to WordPress.org data, Page Expire Popup/Redirection for WordPress 1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Page Expire Popup/Redirection for WordPress compatible with PHP 7.0+?

Page Expire Popup/Redirection for WordPress requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Page Expire Popup/Redirection for WordPress updated?

Page Expire Popup/Redirection for WordPress was last updated on Dec 26, 2025. Frequent updates are generally a positive security signal.

What is Page Expire Popup/Redirection for WordPress's security score?

Page Expire Popup/Redirection for WordPress has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Page Expire Popup/Redirection for WordPress Security & Risk Analysis

wordpress.org/plugins/page-expire-popup

Welcome to the Page Expire Popup An Awesome and Urgency Page Expire Popup or Redirect for WordPress.

10 active installs v1.1 PHP 7.0+ WP 5.6+ Updated Dec 26, 2025

exit-popupexpire-popuppage-expirepageexpirepopuppopup

A · Safe

CVEs total1

Unpatched0

Last CVEJan 5, 2026

Plugin page Download

Safety Verdict

Is Page Expire Popup/Redirection for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

Page Expire Popup/Redirection for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 5, 2026Updated 4mo ago

Risk Assessment

The 'page-expire-popup' plugin v1.1 exhibits a mixed security posture. While it avoids dangerous functions, file operations, and external HTTP requests, and includes some nonces, several concerning indicators are present. The presence of 3 AJAX handlers, with one lacking authentication checks, significantly expands the attack surface. This unprotected entry point, coupled with 50% of SQL queries not using prepared statements and only 45% of output being properly escaped, suggests a heightened risk of vulnerabilities. The taint analysis revealing a flow with unsanitized paths further exacerbates these concerns.

The vulnerability history indicates a past medium-severity SQL injection vulnerability. The fact that there are no currently unpatched vulnerabilities is a positive sign, but the pattern of past SQL injection issues, combined with the current code analysis findings (raw SQL, unsanitized paths), suggests a recurring weakness in input sanitization and SQL query handling. While the plugin has strengths in avoiding certain risky practices, the identified unprotected AJAX handler and code-level issues necessitate careful consideration of its security.

Key Concerns

Unprotected AJAX handler
SQL queries not prepared
Improper output escaping
Taint flow with unsanitized path
Past medium SQL injection vulnerability

Vulnerabilities

1 published

Page Expire Popup/Redirection for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-14153medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Page Expire Popup/Redirection for WordPress <= 1.0 - Authenticated (Author+) SQL Injection via 'id' Shortcode Attribute

Jan 5, 2026 Patched in 1.1 (1d)

Version History

Page Expire Popup/Redirection for WordPress Release Timeline

v1.1.0

v1.0.01 CVE

CVE-2025-14153

Code Analysis

Analyzed Mar 17, 2026

Page Expire Popup/Redirection for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared4 total queries

Output Escaping

45% escaped77 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<vfpepstructure> (inc\vfpepstructure.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Page Expire Popup/Redirection for WordPress Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 3

authwp_ajax_myvfpageexpirepopupsavepageexpirepopup.php:63

authwp_ajax_myvfpageexpirepopupupdatepageexpirepopup.php:114

authwp_ajax_myvfpageexpirepopupdeletepageexpirepopup.php:166

Shortcodes 1

[vfpep] pageexpirepopup.php:192

WordPress Hooks 4

actionwp_enqueue_scriptspageexpirepopup.php:24

actionadmin_enqueue_scriptspageexpirepopup.php:33

actionadmin_menupageexpirepopup.php:46

actioninitpageexpirepopup.php:189

Maintenance & Trust

Page Expire Popup/Redirection for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 26, 2025

PHP min version7.0

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Page Expire Popup/Redirection for WordPress Alternatives

Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers

popup-builder-block

Powerful Popup Builder Block for Gutenberg block editor.

60K 7 CVEs

Popup Box – Create Countdown, Coupon, Video, Contact Form Popups

ays-popup-box

Build flexible popups and modal windows with multiple popup types, triggers, and display controls.

50K 18 CVEs

Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions

popup-anything-on-click

Create popup on a page load or Create popup by clicking link, image and button. Create popups, opt-in forms, & exit popups, floating bars and more!

30K 4 CVEs

CartBounty – Save and recover abandoned carts for WooCommerce

woo-save-abandoned-carts

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

10K 1 CVE

FireBox Popups – Increase Sales and Grow Your Email List

firebox

Our WordPress Popup Plugin can help you create any kind of popup! Optin Popups, Exit Popup, Scroll Popup, Page Load Popup, Floating Bars and more!

8K 1 CVE

Developer Profile

Page Expire Popup/Redirection for WordPress Developer Profile

Vikas Ratudi

7 plugins · 540 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Page Expire Popup/Redirection for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/page-expire-popup/assets/css/style.css/wp-content/plugins/page-expire-popup/assets/js/custom.js

Version Parameters

page-expire-popup/assets/css/style.css?ver=page-expire-popup/assets/js/custom.js?ver=

HTML / DOM Fingerprints

Data Attributes

vfpep-nonce

JS Globals

vfpep_ajax_object

REST Endpoints

/wp-json/page-expire-popup/v1

Shortcode Output

[vfpep id=

FAQ